Archive for January, 2003

The UK Government recently undertook a consultation on “entitlement” cards – another term for identity cards. Whilst I’m very aware of the issues of identity fraud and other problems which ID card proposals purport to reduce, I have misgivings about whether they will actually help, and serious concerns over personal privacy implications.

My response, submitted to the Home Office, is below:

I am aware of the Government’s consultation on the possibility of introducing some kind of identity or “entitlement” card to the UK.

For the purposes of aggregation of for/against responses, I am against such a move.

Nevertheless, I would like to provide some more constructive and granular feedback than a simple yes/no response. Whilst resources limit the time I am able to devote to this topic, and therefore this response is less substantial than would be ideal, I would like to make the following observations which cover a number of points raised in the consultation:

The potential for abuse of such a system is worrying. Whilst I have no doubt that the strict security procedures and processes mentioned in the consultation would be implemented, the practical reality is that centralising such a large amount of data, and introducing complex links with a variety of services employing a large number of people creates a substantial risk of abuse, not only by those involved in administering and using such a system, but by police and other bodies. In particular, when combined with recent legislation such as the Regulation of Investigatory Powers Act, I can only conclude that such a system will open up new possibilities for widespread intrusion of privacy, albeit by a perhaps limited number of people. As an engineer by training and someone involved heavily in IT and database systems, I certainly appreciate the elegance and efficiency which centralised and rationalised data storage can bring, but in public systems (such as that which would be required for an identity card), the technological idealism and search for efficient delivery of services has to be balanced against the privacy and other risks to society. In this case, I am of the opinion that a system of the kind proposed may very well dangerously undermine some of the inherent safeguards in a somewhat decentralised system; primarily that the administrative burden to correlate disparate data naturally limits the potential scale of widespread surveillance and/or abuse of private information.

Whilst acknowledging that there is evidence that “identity fraud” is on the increase, I am not convinced that an identity card scheme will help to significantly reduce the incidence of such fraud. Whilst it may provide some benefits, I feel these may be offset by the fact that a universal identity card will provide a “high value” target for fraudsters. History shows that the higher the potential gains from forgeries and suchlike, the more resources that potential fraudsters will invest in circumventing the security provided by a system. Although a single centralised database certainly provides some benefits in this respect, only with a compulsory card and the introduction of biometric data would there be, I believe, a significant increase in the difficulty of committing identity fraud – but I do not believe that a system encompassing these features which will be acceptable to members of society at large is likely to be available in the foreseeable future.

Similarly, I am not convinced of the implicit assumption in the consultation that an identity card will necessarily reduce the incidence of illegal immigration or work. A “black market” for illegal workers is likely to always exist.

As correctly identified in the consultation, the risks involved in such a large-scale IT project would be significant. Past evidence of very large public/private sector IT projects shows that such projects tend to be under-estimated and may spiral out of control. With costs already estimated at £1.5bn, this is by all means an extremely large project, and I would voice a significant concern that the true end cost in purely financial terms may be much higher.

If it were to be decided that introduction of an identity card was mandated, I would strongly prefer a “voluntary” rather than “compulsory” card (as defined in the consultation).

The concepts discussed in the paper seem to follow very much “traditional” thinking on identity cards, whereas perhaps what is required here is some fresh thinking and new concepts. For example, whilst I don’t offer this by any means as a proposal (simply “food for thought”), how about a large-scale *decentralised* system, the fundamental concept of which would follow the lines of the PKI (public key infrastructure) trust/identity assurance system in use on parts of the Internet and other networks? The building of a nationwide, offline, optional, decentralised yet secure system where ‘networks’ or ‘webs’ of trust could be created would certainly be without precedent in the world and might easily be dismissed as “out of the question”, but perhaps in fact this is the kind of system which, with suitable planning (the enormity of which I do not underestimate) might actually enable some of the goals sought by an identity card system to be achieved, without introducing the centralisation and possibilities for abuse that “traditional” identity card systems may bring.

I sincerely hope that you will take account of these views/opinions, and find them useful as part of the consultation process.